Apple has confirmed that iPhones have been targeted in highly sophisticated real-world attacks, and the company is urging all users to update immediately.
The warning comes after Apple fixed two serious security flaws in iOS 26.2, released today. Apple says the vulnerabilities “may have been exploited” against specific individuals, but security experts warn that once exploits are discovered, they rarely stay targeted for long.
What’s The Risk?
Both flaws affect WebKit, the browser engine used by Safari and many other browsers and apps on iOS. In simple terms, attackers could potentially:
- Run malicious code just by getting a victim to open a web page
- Corrupt system memory and break out of Apple’s security sandbox
Experts say the two bugs were likely chained together, a common technique used by spyware such as Pegasus, allowing attackers to fully compromise a device.
Be Careful
Although Apple says the attacks were “targeted,” security researchers stress that once details become public, criminals and spyware vendors rush to reuse the same techniques.
“WebKit is a single point of failure,” warned James Maude from BeyondTrust. “If it’s vulnerable, your entire device can be exposed just by viewing content online.”
Since 2023, attackers have exploited at least 17 WebKit zero-day vulnerabilities in the wild.
Update Now
Apple strongly recommends updating to iOS 26.2 immediately, especially if you’re still running an earlier version of iOS. While Apple continues to patch older releases, experts say delaying updates significantly increases risk.
“There’s no workaround,” said Keeper Security CEO Darren Guccione. “Installing the update is the only effective defense.”
The Bigger Picture
Apple’s warning follows a similar alert from Google earlier this month after active exploits hit Android users. Both iOS and Android are increasingly targeted by a growing commercial spyware industry, making fast updates more critical than ever. If your iPhone hasn’t updated yet, do it now. Once security fixes are public, the danger only grows for those who delay.
